GitLab team

25 exploits Active since Aug 2020
CVE-2020-13280 WRITEUP MEDIUM WRITEUP
GitLab <13.0.12-13.2.3 - Memory Corruption
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVSS 6.5
CVE-2020-13310 WRITEUP MEDIUM WRITEUP
GitLab Runner < 13.1.3, 13.2.3, 13.3.1 - Denial of Service via Malformed Queries
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
CVSS 6.5
CVE-2020-26411 WRITEUP MEDIUM WRITEUP
Gitlab <13.4.7, <13.5.5, <13.6.2 - DoS
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
CVSS 4.3
CVE-2020-26414 WRITEUP MEDIUM WRITEUP
GitLab 12.4.0-13.5.5 - Denial of Service via Malicious Package Name Input
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
CVSS 4.3
CVE-2020-26416 WRITEUP MEDIUM WRITEUP
GitLab 8.4.0-13.4.6 13.5.0-13.5.4 13.6.0-13.6.1 - Information Disclosure in Advanced Search
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVSS 4.0
CVE-2021-22166 WRITEUP MEDIUM WRITEUP
GitLab 13.7.0-13.7.1 - Denial of Service via Malformed HTTP Method
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVSS 5.3
CVE-2021-22170 WRITEUP MEDIUM WRITEUP
GitLab 11.6.0-13.5.5 - Use of a Broken or Risky Cryptographic Algorithm
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content
CVSS 6.2
CVE-2021-22215 WRITEUP HIGH WRITEUP
GitLab 13.11.0-13.11.4 - Information Disclosure via On-Call Rotation Data
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects
CVSS 7.5
CVE-2021-39890 WRITEUP LOW WRITEUP
GitLab 14.1.1-14.1.6 - Two-Factor Authentication Bypass via Basic Authentication
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
CVSS 3.1
CVE-2021-39900 WRITEUP LOW WRITEUP
GitLab 10.8.0-14.1.6 - Information Disclosure via SendEntry Rails Log Exposure
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
CVSS 2.0
CVE-2021-39932 WRITEUP MEDIUM WRITEUP
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
CVSS 4.3
CVE-2021-39937 WRITEUP MEDIUM WRITEUP
GitLab < 14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Improper Privilege Management via Access Memoization Collision
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
CVSS 5.9
CVE-2021-39938 WRITEUP LOW WRITEUP
GitLab 8.15.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Denial of Service via Deploy Slash Command Regex
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands
CVSS 3.1
CVE-2021-39939 WRITEUP MEDIUM WRITEUP
GitLab Runner 13.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Uncontrolled Resource Consumption via Crafted Docker Image
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager
CVSS 6.5
CVE-2021-39947 WRITEUP MEDIUM WRITEUP
GitLab Runner <14.5.2 - Buffer Overflow
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
CVSS 5.3
CVE-2022-0151 WRITEUP MEDIUM WRITEUP
GitLab 12.10-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Denial of Service via Package Deletion Request
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
CVSS 6.5
CVE-2022-0152 WRITEUP MEDIUM WRITEUP
GitLab <14.4.5-14.6.2 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.
CVSS 6.5
CVE-2022-0172 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <12.3 - Info Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones.
CVSS 5.3
CVE-2022-0425 WRITEUP MEDIUM WRITEUP
GitLab 7.9-14.7.1 - Server-Side Request Forgery via Irker DNS Rebinding
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVSS 5.4
CVE-2022-0477 WRITEUP MEDIUM WRITEUP
GitLab <14.5.4, <14.6.4, <14.7.1 - DoS
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
CVSS 4.9
CVE-2022-1413 WRITEUP MEDIUM WRITEUP
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - Insufficiently Protected Credentials via Integration Properties
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface
CVSS 5.4
CVE-2022-1821 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <14.9.5-15.0.1 - Info Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.
CVSS 4.3
CVE-2022-1935 WRITEUP MEDIUM WRITEUP
GitLab EE 12.0-14.9.4, 14.10-14.10.3, 15.0 - Incorrect Authorization via Project Trigger Token Bypass
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured
CVSS 6.5
CVE-2022-1944 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
CVSS 5.4
CVE-2022-2533 WRITEUP MEDIUM WRITEUP
GitLab <15.1.6-15.3.2 - Auth Bypass
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
CVSS 6.5